[nsp-sec] ACK: 2119 - Re: ongoing DOS Against 64.7.135.158 (19:00 UTC)
Helge Aksdal
helge.aksdal at telenor.com
Mon Oct 15 17:48:16 EDT 2012
Hi Mike,
* Mike Tancsa (2012-10-15 21:33):
> ----------- nsp-security Confidential --------
>
> Hi,
> We are dealing with a large (for us) attack against a colo customer. It
> seems to be a classic DNS reflection attack that started around 18:30
> UTC (2:30 EDT) and would appreciate any help we can get.
>
>
> Packet dump below as well as attacking IPs. The attack is ongoing right
> now. I would appreciate any help in mitigating the attack as I see it
> coming in all my connections. Feel free to block UDP DNS requests from
> 64.7.135.158 for the next 12hrs if that's doable. It's not supposed to be
> a resolver for anything and the attacker is just spoofing the requests.
>
> 2119 | 148.122.181.225 | 148.122.0.0/16 | NO | ripencc | 1991-04-08 | TELENOR-NEXTEL Telenor Norge AS
> 2119 | 148.122.181.228 | 148.122.0.0/16 | NO | ripencc | 1991-04-08 | TELENOR-NEXTEL Telenor Norge AS
ACK for 2119. Thanks!
--
Helge Aksdal
Telenor